Allow the completion of two step verification for moderated users

When an API that requires two step verification through 6-digit email codes is called for a moderated account, the 6-digit code is send to the user email just like in normal accounts. However if the user tries to verify the captcha through the following endpoint:

https://twostepverification.roblox.com/v1/users/{userId}/challenges/email/verify

They get the error “The user is moderated”

It makes no sense for Roblox to block the completion of the captcha if an account is moderated, because it sends the 6-digit code to the user email(basically it allows the start of the captcha process). I don’t see how a moderated/blocked error fits in an API serving a security feature.

3 Likes